thanks a lot! 发自我的 iPhone
> 在 2015年6月14日,16:32,Johannes Hubertz <[email protected]> 写道: > > Hi zhuyj and listreaders, > >> On 12.06.2015 10:54, zhuyj wrote: >> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0, >> the whole system can not work well. >> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can >> work well. > > I've had similar experience and found exactly one working solution. I > had to cut out local sbnet from tunnels to the other side, f.e. > > leftsubnet: 00.0.0.0/8 > rightsubnet: 10.1.0.0/16 > > results in tunnels on the right side to the left like this: > 0.0.0.0/5 > 8.0.0.0/7 > 10.0.0.0/16 > 10.2.0.0/15 > 10.4.0.0/14 > 10.8.0.0/13 > 10.16.0.0/12 > 10.32.0.0/11 > 10.64.0.0/10 > 10.128.0.0/9 > 11.0.0.0/8 > 12.0.0.0/6 > 16.0.0.0/4 > 32.0.0.0/3 > 64.0.0.0/2 > 128.0.0.0/1 > > > These are exactly all the possible nets except the local subnet. > > For calculating I use ipaddr.py, easily installed using > > apt-get install python-ipaddr > apt-get install python3-ipaddr > > May the source be with you. > > Kind regards from Cologne, Germany > > Johannes > > > -- > Johannes Hubertz > > Geschäftsführender Gesellschafter der hubertz-it-consulting GmbH > Sitz: Grengeler Mauspfad 111a, D-51147 Köln, European Common, > Handelsregister: Köln HRB55865, Ust.-ID Nr.: DE814465092 > Tel.: +49 (0) 1607421564 Electronic Mail: [email protected] > GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f > > Ihr Service für Datenschutz und Informationssicherheit: > Verlässliche Netzwerke für vertrauliche Kommunikation > > [attachment] > > signature.asc > download: http://u.163.com/t0/4m2bp7zDz > > preview: http://u.163.com/t0/DqpRHjHvi > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
